check_ajax_referer does not protect from CSRF at all

Description

check_ajax_referer only checks if the incoming request contains valid user credentials but wp_get_current_user still uses WP cookies to determine the current user, so anyone with a subscriber role (or another role) can perform CSRF attacks.